[Mimedefang] Pre-greeting traffic.

[Jan-Pieter Cornet]

On Thu, Apr 12, 2007 at 03:56:05PM -0400, Mark G. Thomas wrote:
> > My mail system automatically firewalls spam sources.  Depending on a
> > variety of factors, the block is either for a few hours or indefinite.
> > 
> > At the moment about half of the spam sources I see send pre-greeting
> > traffic (I'm using sendmail's greet_pause feature), but blocking on
> > that basis alone does give false positives, which I'd like to avoid.
> 
> Really?  I haven't had any complaints about blocking any non-spam sources 
> due to pre-greeting traffic, and we're handling about a million messages 
> per week.  Right now we're using a greet_pause setting of 5000 (5 secs)
> and blocking about 45,000 connections per week with this rule.

Well... there are some "known" exceptions. At least when we installed
the greetpause, we got rejects on it from "known good" gmail and yahoo
mail servers. But it seemed those sites would retry later using
"proper" SMTP semantics, at least from a cursory inspection my logs.
However, since it's not useful to delay big sources of mostly good
email, we whitelisted them.

And then we had one call from a system in Turkey which claimed to be
unable to mail us since we introduced the greetpause, and we've
whitelisted them too, but that was unfortunately never investigated
further from what I can see.

Those are the only exceptions seen - from around 10 million mails
per day.

On another note: I looked briefly at the sendmail code involved and
if pre-greeting traffic could set a flag, but it required deep patches
to the sendmail source itself. I wouldn't recommend it, not for the
minimal gain you'd get from the oddball misbehaving system sending
"wanted" email.

-- 
Jan-Pieter Cornet <johnpc at xs4all.nl>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message indefinitely to allow verification of the logs.  !!